impala-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bharath Vissapragada (Code Review)" <ger...@cloudera.org>
Subject [Impala-CR](cdh5-trunk) IMPALA-2660: Respect auth_to_local configs from hdfs configs
Date Tue, 26 Apr 2016 03:55:48 GMT
Bharath Vissapragada has posted comments on this change.

Change subject: IMPALA-2660: Respect auth_to_local configs from hdfs configs
......................................................................


Patch Set 4:

>Isn't that an expectation for the behaviour of auth_to_local - that it will transform
supplied principals in order to enable authentication? Does Hadoop work like that?

Per my understanding of Kerberos, this is only called post authentication and auth_to_local
rules map the *authenticated* principal (aname) to a local user (lname). The corresponding
api call is krb5_aname_to_localname(). More details at 

http://web.mit.edu/kerberos/krb5-1.12/doc/appdev/refs/api/krb5_aname_to_localname.html#c.krb5_aname_to_localname
http://web.mit.edu/kerberos/krb5-1.12/doc/plugindev/localauth.html

And yes I think Hadoop works like that too.

-- 
To view, visit http://gerrit.cloudera.org:8080/2800
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I76485b83c14ba26f6fce66e5f83e8014667829e0
Gerrit-PatchSet: 4
Gerrit-Project: Impala
Gerrit-Branch: cdh5-trunk
Gerrit-Owner: Bharath Vissapragada <bharathv@cloudera.com>
Gerrit-Reviewer: Alex Behm <alex.behm@cloudera.com>
Gerrit-Reviewer: Bharath Vissapragada <bharathv@cloudera.com>
Gerrit-Reviewer: Henry Robinson <henry@cloudera.com>
Gerrit-Reviewer: Juan Yu <jyu@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sailesh@cloudera.com>
Gerrit-HasComments: No

Mime
View raw message